lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20230404163018.GJ4514@unreal> Date: Tue, 4 Apr 2023 19:30:18 +0300 From: Leon Romanovsky <leon@...nel.org> To: Steffen Klassert <steffen.klassert@...unet.com> Cc: "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Herbert Xu <herbert@...dor.apana.org.au>, netdev@...r.kernel.org, Saeed Mahameed <saeedm@...dia.com>, Raed Salem <raeds@...dia.com> Subject: Re: [GIT PULL] Improve IPsec limits, ESN and replay window On Mon, Apr 03, 2023 at 09:41:54AM +0300, Leon Romanovsky wrote: > This series overcomes existing hardware limitations in Mellanox ConnectX > devices around handling IPsec soft and hard limits. > > In addition, the ESN logic is tied and added an interface to configure > replay window sequence numbers through existing iproute2 interface. > > ip xfrm state ... [ replay-seq SEQ ] [ replay-oseq SEQ ] > [ replay-seq-hi SEQ ] [ replay-oseq-hi SEQ ] > > Link: https://lore.kernel.org/all/cover.1680162300.git.leonro@nvidia.com > Signed-off-by: Leon Romanovsky <leon@...nel.org> > > ---------------------------------------------------------------- > > The following changes since commit 5a6cddb89b51d99a7702e63829644a5860dd9c41: > > net/mlx5e: Update IPsec per SA packets/bytes count (2023-03-20 11:29:52 +0200) > > are available in the Git repository at: > > https://git.kernel.org/pub/scm/linux/kernel/git/mellanox/linux.git/ tags/ipsec-esn-replay > > for you to fetch changes up to 9f758558e309d11ef31dbdabdb1e3aa1003aebf9: > > net/mlx5e: Simulate missing IPsec TX limits hardware functionality (2023-04-03 09:29:47 +0300) > > ---------------------------------------------------------------- > Leon Romanovsky (10): > net/mlx5e: Factor out IPsec ASO update function > net/mlx5e: Prevent zero IPsec soft/hard limits > net/mlx5e: Add SW implementation to support IPsec 64 bit soft and hard limits > net/mlx5e: Overcome slow response for first IPsec ASO WQE > xfrm: don't require advance ESN callback for packet offload Hi Steffen, Can you please provide your Acked-by for this patch? https://lore.kernel.org/all/9f3dfc3fef2cfcd191f0c5eee7cf0aa74e7f7786.1680162300.git.leonro@nvidia.com Thanks > net/mlx5e: Remove ESN callbacks if it is not supported > net/mlx5e: Set IPsec replay sequence numbers > net/mlx5e: Reduce contention in IPsec workqueue > net/mlx5e: Generalize IPsec work structs > net/mlx5e: Simulate missing IPsec TX limits hardware functionality > > .../ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 329 ++++++++++++++++++--- > .../ethernet/mellanox/mlx5/core/en_accel/ipsec.h | 47 ++- > .../mellanox/mlx5/core/en_accel/ipsec_fs.c | 31 +- > .../mellanox/mlx5/core/en_accel/ipsec_offload.c | 198 ++++++++++--- > net/xfrm/xfrm_device.c | 2 +- > 5 files changed, 496 insertions(+), 111 deletions(-)
Powered by blists - more mailing lists